INTERNSHIP CERTIFICATE


ABSTRACT 


The presentation will cover various aspects of cyber security and how they relate to the role of a cyber security analyst. We will begin with an overview of the presentation and then move on to other topics, including the company where I interned, the key responsibilities of a cyber security analyst, important cyber security concepts, and my skills and lessons learned during the internship.

Name of the company where the internship took place: Tata Consultancy Services (TCS)


1. Introduction


This project report serves as a comprehensive overview of the Cyber Security Analyst Internship at TCS. The internship was intended to provide me with hands-on experience in cyber security operations, to develop my skills in identifying and responding to cyber threats, and to familiarize me with the latest security tools and technologies. The goals of the internship were to provide me with a foundation in cyber security, to prepare me for a career in the field, and to contribute to TCS's overall cyber security operations.


1.1 Company Profile 


Name of the company where the internship took place: Tata Consultancy Services (TCS)


Tata Consultancy Services is a global leader in IT services, digital, and business solutions. The company operates in over 46 countries and has a workforce of over 500,000 employees. TCS provides a range of services including consulting, application development and maintenance, digital transformation, and business process services. The company's mission is to help clients achieve their business objectives by leveraging digital technologies and innovative solutions.


TCS has a strong focus on cyber security and has implemented a robust cybersecurity framework to protect its clients' data and assets. The company has a dedicated team of cyber security experts who monitor the company's systems 24/7 to detect and respond to cyber threats.


2. Project Overview: CYBER SECURITY OPERATIONS

2.1 Project Introduction

TCS offers a wide range of cybersecurity services to clients, including:


Security consulting: TCS provides strategic consulting services to help clients assess their cyber security risks and develop a comprehensive security strategy.

Identity and access management: TCS helps clients manage user identities and access to critical systems and data.

Threat and vulnerability management: TCS provides threat and vulnerability assessment services to help clients identify and remediate potential security vulnerabilities.

Security operations center (SOC) services: TCS operates a state-of-the-art SOC that provides real-time monitoring and response to cyber threats.

Overall, TCS has a strong reputation for providing reliable and innovative cybersecurity solutions to clients across industries.


FUNCTIONAL AND NON-FUNCTIONAL REQUIREMENTS 


1. CSOC analysts are recruited to meet a wide range of needs. They must be capable of performing a wide range of duties, including reporting, to enhance the organization's security posture by monitoring and analyzing security events and incidents, identifying security gaps and vulnerabilities, and recommending appropriate security controls and countermeasures.

2. Monitoring security alerts and events: A SOC analyst monitors and analyzes security events and alerts generated by various security tools, such as SIEM (Security Information and Event Management) systems and CrowdStrike Falcon.

3. Investigating security incidents: SOC analysts investigate and respond to security incidents, such as malware infections and data breaches. They work with other IT and security teams to identify the scope of the incident and develop an appropriate response.

4. Detecting and responding to security incidents: Cyberattacks and security incidents are on the rise, and companies need to be prepared to detect and respond to them quickly and effectively.


5. All alerts were already on-boarded on the Demisto tool, so we received alerts through Demisto. Demisto is a security orchestration, automation, and response (SOAR) platform that helps security teams automate and streamline their incident response processes. The platform enables security teams to connect and orchestrate security tools, automate workflows, and collaborate across teams to respond to security incidents faster and more efficiently. Demisto provides several options for creating report summaries, depending on the specific use case and requirements of the organization.


6. Incident summary report: Demisto allows users to generate incident summary reports that provide a high-level overview of security incidents. The report includes information such as the incident type, severity, status, and key indicators, as well as any associated tasks, notes, or attachments. This report can be customized to include specific fields and filters, and can be exported in various formats, such as PDF, CSV, or HTML.

7. SLA compliance report: Demisto enables users to track and report on compliance with service level agreements (SLAs). The SLA compliance report provides an overview of the number of incidents, tasks, and SLA breaches, as well as the time to resolution for each incident. This report helps organizations identify areas for improvement and ensure that they are meeting their SLA commitments.

8. User activity report: Demisto enables users to monitor and report on user activity within the platform. The user activity report provides information such as the number of incidents handled, the time spent on each incident, and the types of actions taken. This report helps organizations track the effectiveness of their security teams and identify opportunities for training and development.
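To make the incident summary and SLA compliance reports from items 6 and 7 concrete, here is an added Python example (constructed for this report, not Demisto's own reporting code) that computes breaches and time to resolution over a handful of constructed incident records; the SLA targets, incident records and field names are assumptions.

```python
from datetime import datetime, timedelta
from statistics import mean

# Time-to-resolution targets per severity (constructed; not TCS's or Demisto's SLAs).
SLA = {"Critical": timedelta(hours=4), "High": timedelta(hours=24), "Medium": timedelta(hours=72)}

# Constructed incident records in the shape an incident export might take.
INCIDENTS = [
    {"id": 1, "type": "Phishing", "severity": "High", "status": "Closed",
     "created": "2023-05-01T09:00:00", "resolved": "2023-05-01T15:30:00"},
    {"id": 2, "type": "Malware", "severity": "Critical", "status": "Closed",
     "created": "2023-05-01T10:00:00", "resolved": "2023-05-01T16:00:00"},
    {"id": 3, "type": "Brute Force", "severity": "Medium", "status": "Active",
     "created": "2023-05-02T08:00:00", "resolved": None},
    {"id": 4, "type": "Phishing", "severity": "Critical", "status": "Active",
     "created": "2023-05-01T12:00:00", "resolved": None},
]

def parse_ts(s):
    return datetime.fromisoformat(s)

def time_to_resolution(inc, now):
    """Elapsed time for the incident: to resolution if closed, otherwise to `now`."""
    end = parse_ts(inc["resolved"]) if inc["resolved"] else now
    return end - parse_ts(inc["created"])

def sla_breached(inc, now):
    """An incident breaches its SLA once elapsed time exceeds the target,
    whether or not it has been closed yet (still-open incidents count too)."""
    return time_to_resolution(inc, now) > SLA[inc["severity"]]

def sla_report(incidents, now):
    """Summarise totals, breaches and resolution times, overall and per severity."""
    closed = [i for i in incidents if i["status"] == "Closed"]
    breaches = [i["id"] for i in incidents if sla_breached(i, now)]
    by_sev = {}
    for sev in SLA:
        group = [i for i in incidents if i["severity"] == sev]
        by_sev[sev] = {"total": len(group), "breached": sum(sla_breached(i, now) for i in group)}
    ttr_hours = [time_to_resolution(i, now).total_seconds() / 3600 for i in closed]
    return {
        "total": len(incidents), "closed": len(closed), "open": len(incidents) - len(closed),
        "breached_ids": breaches,
        "mean_ttr_hours": mean(ttr_hours) if ttr_hours else None,
        "by_severity": by_sev,
    }

def incident_summary(inc, now):
    """One row of the incident summary report: type, severity, status, SLA state."""
    return {"id": inc["id"], "type": inc["type"], "severity": inc["severity"],
            "status": inc["status"], "sla_breached": sla_breached(inc, now)}
```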


3. Methodology 


Agile is an approach to software development that seeks the continuous delivery of working software created in rapid iterations. However, the phrase "agile methodology" is misleading because it implies that agile is a singular approach to software development. Agile is not a set of prescriptions for exactly which actions to take in software development. Instead, it is a way of thinking about collaboration and workflows, and it is a set of values which guide our choices in regards to what we make and how we make it.

In practical terms, agile software development methodologies are all about delivering small pieces of working software quickly to improve customer satisfaction. These methodologies use adaptive approaches and teamwork to focus on continuous improvement. Usually, agile software development consists of small, self-organizing teams of software developers and business representatives regularly meeting in person throughout the software development life cycle.
Planning

Before you begin configuring integrations and ingesting information from 3rd parties, you should plan ahead. This is an iterative process. After you initially create your fields and incident types, as well as implement them in your incident layouts, you will start the process of ingesting information. You will then see how accurately you have mapped out your information. Make changes as you go along and learn more about the information you are receiving. Information that is not mapped to fields will be available in labels, of course, but it is much easier to work with the information when it is properly mapped to a field and displayed in the relevant layouts.


Configure Integrations

You configure integrations with your 3rd-party products to start fetching events. Events can be potential phishing emails, authentication attempts, SIEM events, and more.


Classification and Mapping

Once you configure the integrations, you have to determine how the events ingested from those integrations will be classified as incidents. For example, for email integrations, you might want to classify items based on the subject field, but for SIEM events, you will classify by event type. In addition, you have to map the information coming from the integrations into the fields that you created in the planning stage.


Pre-processing

Pre-processing rules enable you to perform certain actions on incidents as they are ingested into Cortex XSOAR directly from the UI. Using the rules, you can select incoming events on which to perform actions, for example, link the incoming event to an existing incident, or, based on configured conditions, drop the incoming incident altogether.


Incident Created

Based on the definitions you provided in the Classification and Mapping stage, as well as the rules you created for pre-processing events, incidents of various types are created. The incidents all appear in the Incidents page of the Cortex XSOAR user interface, where you can start the process of investigating.


Running Playbooks

Playbooks are triggered either when an incident is created or when you run them manually as part of an investigation. When triggered as part of an incident that was created, the playbooks for the type of incident that was classified will run on the incident. Alternatively, if you are manually running a playbook, you can select whichever playbook is relevant for the investigation. For example, playbooks can take IP address information from one integration and enrich that IP address with information from additional integrations or sources.


Post-processing

Once the incident is complete and you are ready to close it out, you can run various post-processing actions on the incident. For example, send an email to the person who opened the incident informing them that their incident has been resolved, or close an incident in a ticketing system.
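The stages above (classification, mapping, pre-processing, incident creation and a playbook run on creation) are modelled end to end in this added Python example, which is a constructed illustration rather than Cortex XSOAR's own API or any TCS code; the two integrations, the planned fields, the sample events and the threat-intel table are all assumptions.

```python
from dataclasses import dataclass, field

# Constructed events from two hypothetical integrations (email gateway, SIEM).
EVENTS = [
    {"source": "email", "subject": "Urgent: verify your password", "sender": "x@evil.test", "sender_ip": "203.0.113.9"},
    {"source": "email", "subject": "Team lunch", "sender": "bob@corp.test", "sender_ip": "192.0.2.5"},
    {"source": "siem", "event_type": "brute_force", "src_ip": "203.0.113.9", "user": "alice"},
    {"source": "siem", "event_type": "brute_force", "src_ip": "203.0.113.9", "user": "alice"},
    {"source": "siem", "event_type": "heartbeat", "src_ip": "10.0.0.1", "user": "-"},
]
# Constructed stand-in for a threat-intelligence integration the playbook queries.
THREAT_INTEL = {"203.0.113.9": "known scanner"}

@dataclass
class Incident:
    id: int
    type: str
    fields: dict                                  # planned custom fields, filled by mapping
    linked: list = field(default_factory=list)    # events linked by a pre-processing rule
    notes: list = field(default_factory=list)     # playbook output

def classify(ev):
    """Classification: email events by subject, SIEM events by event type."""
    if ev["source"] == "email":
        return "Phishing" if "password" in ev["subject"].lower() else None
    return {"brute_force": "Brute Force"}.get(ev["event_type"])

def map_fields(ev):
    """Mapping: integration-specific keys onto the fields planned up front."""
    if ev["source"] == "email":
        return {"attacker_ip": ev["sender_ip"], "indicator": ev["sender"]}
    return {"attacker_ip": ev["src_ip"], "indicator": ev["user"]}

def run_playbook(inc):
    """Playbook run on creation: enrich attacker_ip from a second source."""
    verdict = THREAT_INTEL.get(inc.fields["attacker_ip"], "no intel")
    inc.notes.append(f"{inc.fields['attacker_ip']}: {verdict}")

def ingest(events):
    """Create incidents; pre-processing drops unclassified events and links exact duplicates."""
    incidents = []
    for ev in events:
        itype = classify(ev)
        if itype is None:
            continue                              # rule: drop the event
        fields = map_fields(ev)
        dup = next((i for i in incidents if (i.type, i.fields) == (itype, fields)), None)
        if dup is not None:
            dup.linked.append(ev)                 # rule: link, no new incident
            continue
        inc = Incident(len(incidents) + 1, itype, fields)
        run_playbook(inc)
        incidents.append(inc)
    return incidents
```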


4. Working

The day-to-day activities of a SOC (Security Operations Centre) intern typically involve:

Analysing Security Incidents: When a security incident is detected, SOC analysts will investigate and analyse the incident to determine the extent of the damage, how it happened, and what data or assets were affected. They will document their findings and report them to management or other stakeholders.

Incident Response: In the event of a security breach or incident, SOC analysts will work to contain the damage and prevent it from spreading further. They will take immediate steps to isolate affected systems, block malicious traffic, and contain any data breaches.

Collaborating with Other Teams: SOC analysts work closely with other teams in the organization, such as IT, network operations, and application development, to ensure that security measures are integrated into all systems and processes. They may also work with external partners, such as law enforcement or security vendors, to investigate and remediate security incidents.

Documentation and Reporting: SOC analysts must document and report all security incidents, investigations, and remediation efforts. They must maintain detailed records and provide regular reports to management and other stakeholders to ensure that they are aware of the organization's security posture and any potential risks.

Staying Up-to-Date with Security Trends: SOC analysts must stay current with the latest security trends and best practices to ensure that their organization's security systems are effective and up-to-date. They may attend conferences, read industry publications, and participate in training and development programs to stay informed.


5. Tools and Technologies 


1. XSOAR: XSOAR is a security orchestration, automation, and response platform that streamlines incident response processes and integrates with various security tools for efficient incident handling.

2. Microsoft Azure: Microsoft Azure is a cloud computing platform that offers a wide range of services for building, deploying, and managing applications and infrastructure, including virtual machines, storage, databases, and more.

3. Cortex XDR: Cortex XDR is a comprehensive detection and response platform that combines endpoint protection, detection, and response capabilities to provide advanced threat detection and prevention.

4. FireEye: FireEye is a cybersecurity company that offers various solutions, including network security, email security, endpoint security, and threat intelligence, to help organizations detect and respond to advanced cyber threats.

5. Sentinel: Sentinel is a cloud-native security information and event management (SIEM) solution provided by Microsoft Azure, offering intelligent security analytics and threat detection across the entire enterprise.

6. RSA Archer: RSA Archer is a governance, risk management, and compliance (GRC) platform that enables organizations to manage multiple dimensions of risk, compliance, and business continuity in a unified manner.

7. Trellis CASB: Trellis CASB (Cloud Access Security Broker) is a tool that provides visibility, control, and data protection for organizations using cloud services, helping to ensure secure and compliant cloud usage.

8. Cisco Umbrella: Cisco Umbrella is a cloud-based security platform that provides DNS and web filtering, threat intelligence, and secure web gateway functionality to protect users from internet threats.

9. GRA UEBA: GRA UEBA (User and Entity Behavior Analytics) is a tool that uses machine learning and advanced analytics to detect anomalous behavior and identify potential insider threats within an organization.

10. GWS Admin: GWS Admin is an administration tool for managing Google Workspace (formerly G Suite) services, such as user accounts, email, documents, calendars, and collaboration tools.

11. Azure Defender: Azure Defender is a cloud-native security solution offered by Microsoft Azure, providing advanced threat protection across workloads, including virtual machines, containers, and cloud services.

12. Zscaler Proxy Console: Zscaler Proxy Console is a cloud-based proxy service that provides secure internet access and enforces security policies for users, regardless of their location or device.

13. CyberArk: CyberArk is a privileged access management (PAM) solution that helps organizations secure and manage privileged accounts, credentials, and secrets to prevent unauthorized access and data breaches.


6. Contribution

After my internship, I have gained a deep understanding of various security tools and technologies, such as Demisto, SIEM (Security Information and Event Management) systems, and CrowdStrike tools. I will be able to configure and manage these tools and understand how they work together to provide a comprehensive security solution.

I have gained a strong understanding of network protocols and architectures, including TCP/IP, DNS, HTTP, and SSL, and I am able to analyze network traffic and identify anomalies that may indicate a security threat.

SOC analysts need to have a solid understanding of common operating systems and applications, such as Windows, Linux, and Microsoft Office. They should be able to identify and respond to security threats that target these systems and applications.

I have gained a thorough understanding of incident response procedures, including how to detect, analyze, and respond to security incidents.

I have gained communication and collaboration skills, as SOC analysts often work closely with other IT and security teams to identify and respond to security incidents. They should be able to communicate technical information clearly and concisely to both technical and non-technical stakeholders.

SOC analysts need to be lifelong learners, as the security landscape is constantly evolving, and new threats and technologies emerge regularly. They should be proactive in keeping up to date with the latest trends and developments in the field and continuously refining their skills and knowledge.


6.1 Results

Skills and Lessons Learned:

Technical Skills:

- Proficiency in using various cyber security tools and technologies
- Knowledge of network security protocols and standards
- Understanding of vulnerability assessment and penetration testing methodologies

Soft Skills:

- Effective communication skills
- Teamwork and collaboration skills
- Problem-solving and analytical skills


7. Conclusion

- Monitoring security alerts and events, with additional details on the process
- Investigating security incidents, with examples
- Detecting and responding to security incidents and how it contributes to the organization's security posture, with examples
- Use of the Demisto tool for receiving alerts
- Incident summary report generation in Demisto, with an example
- SLA compliance report generation in Demisto, with an example
- User activity monitoring and reporting in Demisto, with additional details on the process


